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AMENDMENTS TO THE CLAIMS 

This listing of claims will replace all prior versions, and listings, of claims in the applications: 
Listing of Claims: 

1 . (PREVIOUSLY PRESENTED) A compact personal token, comprising: 
a USB-compliant interface releaseably coupleable to a host processing device; 
a token memory; 

a token processor, communicatively coupled to the token memory and communicatively 
coupleable to the host processing device via the USB-compliant interface, the token processor for 
providing the host processing device conditional access to user private data stored in the token 
memory; and 

a user input device, communicatively coupled to the token processor by a path distinct from 
the USB-compliant interface, for accepting an input for processing by the token processor to signal 
authorization of a token processor operation providing access to the user private data stored in the 
token memory, the input in response to a message received in the token from the host processing 
device via the USB-compliant interface invoking the token processor operation, wherein user 
authentication occurs on the token. 

2. (ORIGINAL) The apparatus of claim 1, wherein the path is entirely internal to the 

token. 

3. (CANCELED) 

4. (PREVIOUSLY PRESENTED) The apparatus of claim 1, wherein the user private 
data is designated as requiring authorization before access by an associated identification stored in 
the memory. 
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5 . (PREVIOUSLY PRESENTED) The apparatus of claim 1 , wherein the user input 
device comprises at least one pressure-sensitive device actuatable from an exterior surface of the 
token. 

6. (ORIGINAL) The apparatus of claim 5, wherein the input device comprises at least 
one push-button switch. 

7. (ORIGINAL) The apparatus of claim 1, further comprising: 

an output device, communicatively coupled to the processor by a second path distinct from 
the USB-compliant interface, for prompting a user to provide an authorization of a processor 
operation. 

8. (ORIGINAL) The apparatus of claim 7, wherein the path and the second path are a 
common path. 

9. (ORIGINAL) The apparatus of claim 7, wherein the output device prompts the user 
to provide an authorization of the processor operation when processor operation requires access to 
the private data stored in the memory. 

10. (ORIGINAL) The apparatus of claim 7, wherein the output device comprises at least 
one light-emitting device. 

1 1 . (ORIGINAL) The apparatus of claim 7, wherein the output device comprises at least 
one aural reproduction device. 

12. (ORIGINAL) The apparatus of claim 7, wherein the output device comprises at least 
one liquid crystal display (LCD). 
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13. (ORIGINAL) The apparatus of claim 7, wherein the output device provides an 
alphanumeric message indicating that user input is required. 

14. (ORIGINAL) The apparatus of claim 13, wherein the alphanumeric message 
identifies the processing operation. 

15. (ORIGINAL) The apparatus of claim 13, wherein the alphanumeric message 
identifies a private key. 

16. (CANCELED) 

17. (CANCELED) 

18. (PREVIOUSLY PRESENTED) A method of authorizing access to private data 
stored in a token having a processor communicatively coupled to a host processor via a Universal 
Serial Bus (USB) interface, comprising the steps of: 

authenticating a user identity in the token; 

accepting a command in the token invoking a token processor operation via the USB 
interface; 

accepting a user input signaling authorization of the token processor operation via an input 

device; 

providing the user input to the token processor via a communication path distinct from 
the USB-compliant interface; and 

processing the user input in the token processor to authorize the invoked token processor 
operation. 
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19. (PREVIOUSLY PRESENTED) The method of claim 18, further comprising 
the steps of: 

determining if the processor operation requires access to the private data stored in the 
token; and 

prompting a user to authorize the processor operation via an output device communicatively 
coupled to the processor if the processor operation requires access to private data stored in a 
memory in the token. 

20. (ORIGINAL) The method of claim 19, v^herein the output device is 
communicatively coupled to the processor by a second communication path distinct from the USB- 
compliant interface. 

21. (ORIGINAL) The method of claim 20, v^herein the first path and the second path are 
common. 

22. (ORIGINAL) The method of claim 20, wherein the step of determining if the 
processor requires access to a private key stored in the token comprises the steps of: 

determining v^hich data stored in the memory is affected by the processor operation; and 
determining whether the data affected by the processor operation is associated with an 
identification designating the data as a private key. 

23. (ORIGINAL) The method of claim 20, wherein the path is entirely intemal to the 

token. 

24. (ORIGINAL) The method of claim 20, wherein the input device is a pressure- 
sensitive device actuatable from an exterior surface of the token. 

25. (ORIGINAL) The method of claim 24, wherein the input device is a push-button 
switch actuatable from an exterior surface of the token. 
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26. (ORIGINAL) The method of claim 20, wherein the output device comprises at least 
one light emitting device. 

27. (ORIGINAL) The method of claim 20, wherein the output device comprises at least 
one aural reproduction device. 

28. (PREVIOUSLY PRESENTED) The method of claim 20, wherein the output device 
comprises at least one liquid crystal display. 

29. (ORIGINAL) The method of claim 20, wherein the step of prompting the user to 
authorize the processor operation via an output device comprises the step of: 

providing an alphanumeric message indicating that user input is required. 

30. (ORIGINAL) The method of claim 29, wherein the alphanumeric message identifies 
the processing operation. 

3 1 . (ORIGINAL) The method of claim 29, wherein the alphanumeric message identifies 
the private data. 

32. (CANCELED) 

33. (CANCELED) 

34. (ORIGINAL) The method of claim 20, wherein the command is an 
authorization request including a challenge value and the processor operation is a hash function 
using the challenge value and the private data. 
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35. (PREVIOUSLY PRESENTED) A program storage device, readable by a computer, 
tangibly embodying at least one program of instructions executable by the computer to perform 
method steps of authorizing access to private data stored in a token having a processor 
communicatively coupled to a host processor via a Universal Serial Bus (USB) interface, the 
method steps comprising the steps of 

authenticating, in the token, a user identity; 

accepting a command in the token invoking a token processor operation via the USB- 
compliant 
interface; 

determining, in the token, if the token processor operation requires access to the private 
data stored in the token; 

prompting the user to authorize the token processor operation via an output device 
communicatively coupled to the token processor by a path distinct from the USB-compliant 
interface if the token processor operation requires access to a private data stored in a memory in 
the token; 

accepting a user input signaling authorization of the token processor operation via an input 
device; and 

providing the user input to the token processor via a communication path distinct from 
the USB-comphant interface. 

36. (ORIGINAL) The program storage device of claim 35, wherein the first path and the 
second path are common. 

37. (ORIGINAL) The program storage device of claim 35, wherein the method step of 
determining if the processor requires access to a private key stored in the token comprises the steps 
of: 

determining which data stored in the memory is affected by the processor operation; and 
determining whether the data affected by the processor operation is associated with an 
identification designating the data as the private key. 
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38. (ORIGINAL) The program storage device of claim 35, wherein the path is entirely 
internal to the token. 

39. (ORIGINAL) The program storage device of claim 35, wherein the input device is a 
pressure-sensitive device actuatable from exterior surface of the token. 

40. (ORIGINAL) The program storage device of claim 39, wherein the input device is a 
push-button switch actuatable from an exterior surface of the token. 

41 . (ORIGINAL) The program storage device of claim 35, wherein the output device 
comprises at least one light emitting device. 

42. (ORIGINAL) The program storage device of claim 35, wherein the 
output device comprises at least one aural reproduction device. 

43. (ORIGINAL) The program storage device of claim 35, wherein the output device 
comprises at least one liquid crystal display. 

44. (ORIGINAL) The program storage device of claim 35, wherein the method step of 
prompting the user to authorize the processor operation via an output device comprises the method 
step of: 

providing an alphanumeric message indicating that user input is required. 

45. (ORIGINAL) The program storage device of claim 44, wherein the alphanumeric 
message identifies the processing operation. 

46. (ORIGINAL) The program storage device of claim 44, wherein the 
alphanumeric message identifies the private data. 
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47. (CANCELED) 

48. (CANCELED) 

49. (PREVIOUSLY PRESENTED) A compact personal token, comprising: 

a USB-compliant interface releaseably coupleable to a host processing device; 
a token memory; 

a token processor, coupled to the token memory and communicatively coupleable to the host 
processing device via the USB-compliant interface, the token processor for providing the host 
processing device conditional access to store and retrieve data storable in the token memory, the 
data including a personal identification private to the user; and 

a user input device, communicatively coupled to the token processor by a path distinct from 
the USB-compliant interface, for accepting a user input describing the personal identification, the 
user input device for authenticating by the token the personal identification private to the user. 

50. (ORIGINAL) The apparatus of claim 49, wherein the user input device comprises a 
character input device. 

5 1 . (PREVIOUSLY PRESENTED) A compact personal token, comprising: 
a USB-compliant interface releaseably coupleable to a host processing device; 

a memory; 

a processor, coupled to the memory and communicatively coupleable to the host processing 
device via the USB-compliant interface, the processor for providing the host processing device 
conditional access to store and retrieve data storable in the memory, the data including a personal 
identification private to the user; and 

a user input device, communicatively coupled to the processor by a path distinct fi^om the 
USB-compliant interface, for accepting a user input describing the personal identification, the user 
input device comprising a character input device, 

the character input device comprising a wheel having an input position for each character 
in an input character set. 
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52. (ORIGINAL) The apparatus of claim 51, wherein each character is selected by 
depression of the wheel. 

53. (PREVIOUSLY PRESENTED) The apparatus of claim 49, wherein the user input 
device comprises a first pressure sensitive device actuatable from an exterior side of the token, and a 
second pressure sensitive device actuatable from the exterior side of the token, wherein actuation of 
the first pressure sensitive device selects a character from a character set, and actuation of the 
second pressure sensitive device enters the character as at least a portion of the personal 
identification. 

54. (PREVIOUSLY PRESENTED) A method of authentication using a token having a 
processor communicatively coupled to a host processor via a Universal Serial Bus (USB) compliant 
interface, comprising the steps of: 

accepting a command in the token invoking a token processor operation via the USB- 
compliant interface; 

determining if the token processor operation requires access to the personal identification 
storable in a memory of the token; 

determining if the personal identification is stored in the memory of the token; 

prompting the user to enter a personal identification if the token processor operation requires 
access to the personal identification and the personal identification is not stored in the memory of 
the token; 

accepting a user input comprising a personal identification via an input device; 
authenticating in the token the user input comprising a personal identification via an input 
device; and 

providing the user input to the processor via a communication path distinct from the 
USB-compUant interface. 

55. (CANCELED) 
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56. (PREVIOUSLY PRESENTED) The method of claim 54, wherein the step of 
prompting the user to enter the personal identification number comprises the step of activating a 
user output device via a second communication path distinct from the USB compliant interface. 

57. (ORIGINAL) The method of claim 54, wherein the input device comprises a 
character input device. 

58. (PREVIOUSLY PRESENTED) A method of authentication using a token having a 
processor communicatively coupled to a host processor via a Universal Serial Bus (USB) compliant 
interface, comprising the steps of: 

accepting a command in the token invoking a processor operation via the USB- 
compliant interface; 

determining if the processor operation requires access to the personal identification 
storable in a memory of the token; 

determining if the personal identification is stored in the memory of the token; 

prompting the user to enter a personal identification if the processor operation requires 
access to the personal identification and the personal identification is not stored in the memory of 
the token; 

accepting a user input comprising a personal identification via an input device; 

and 

providing the user input to the processor via a communication path distinct from the 
USB-compliant interface, wherein the input device comprises a character input device, the character 
input device comprising a wheel having an input position for each character in an input character 
set. 

59. (ORIGINAL) The method of claim 58, wherein each character is selected by 
depression of the wheel. 
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60. (ORIGINAL) The method of claim 54, wherein the user input device comprises a 
first pressure sensitive device actuatable from an exterior side of the token, and a second pressure 
sensitive device actuatable from an exterior side of the token, wherein actuation of the first pressure 
sensitive device selects a character from a character set, and actuation of the second pressure 
sensitive device enters the character as at least a portion of the personal identification. 

6 1 . (PREVIOUSLY PRESENTED) A compact personal token, comprising: 
a USB-compliant interface releaseably coupleable to a host processing device; 
a token memory; 

a token processor, communicatively coupled to the token memory and commimicatively 
coupleable to the host processing device via the USB-compliant interface, the token processor for 
providing the host processing device conditional access to user private data storable in the token 
memory; and 

a user input device, communicatively coupled to the token processor by a path distinct from 
the USB-compliant interface, the user input device for signaling authorization of a token processor 
operation invoked by a message received in the token via the USB-compliant interface, wherein the 
token authenticates user identity. 

62. (ORIGINAL) The apparatus of claim 61, wherein the user input device is 
configured to control an operation of the processor. 

63. (ORIGINAL) The apparatus of claim 61, wherein the operation comprises an 
operation selected from the group comprising: 

an encryption operation; and 
a decryption operation. 

64. (ORIGINAL) The apparatus of claim 61, wherein the operation comprises a 
digital signature operation using a private key stored in the memory. 
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65. (ORIGINAL) The apparatus of claim 61, wherein the input device comprises at least 
one pressure-sensitive device actuatable from an exterior surface of the token. 

66. (ORIGINAL) The apparatus of claim 61 , wherein the input device 
comprises at least one push-button switch. 

67. (ORIGINAL) The apparatus of claim 61, further comprising an output device, 
communicatively coupled to the processor by path distinct from the USB-compliant interface, for 
providing information regarding the operation of the processor. 

68. (ORIGINAL) The apparatus of claim 67, wherein the output device comprises at 
least one light emitting device. 

69. (ORIGINAL) The apparatus of claim 67, wherein the output device comprises at 
least one liquid crystal display. 

70. (ORIGINAL) The apparatus of claim 67, wherein the output device comprises at 
least one aural output device. 

7 1 . (PREVIOUSLY PRESENTED) A method of authorizing access to private data 
stored in a token having a processor communicatively coupled to a host processor via a Universal 
Serial Bus (USB) interface, comprising the steps of: 

authenticating a user identity in the token; 

accepting a command in the token invoking a token processor operation via the USB- 
compliant interface; 

accepting a user input to control the token processor operation via an input device; and 
providing the user input to the token processor via a communication path distinct from 
the USB-compUant interface. 
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72. (ORIGINAL) The method of claim 71, wherein the operation comprises an 
operation selected from the group comprising: 

an encryption operation; 

a decryption operation; and 

a digital signature operation using a private key. 

73. (ORIGINAL) The method of claim 71, wherein the user input device comprises at 
least one pressure sensitive device actuatable from an exterior surface of the token. 

74. (ORIGINAL) The method of claim 71, fiirther comprising the step of prompting the 
user to control the processor operation via an output device communicatively coupled to the 
processor by a second path distinct from the USB-compHant interface. 

75. (ORIGINAL) The method of claim 74, wherein the path and the second path are 
common. 

76. (PREVIOUSLY PRESENTED) The method of claim 74, wherein the output device 
is selected from the group comprising: 

a light emitting device; 
a liquid crystal display; and 
an aural reproduction device. 
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77. (PREVIOUSLY PRESENTED) A compact personal token, comprising: 
a USB-compliant interface releaseably coupleable to a host processing device; 
a token memory; 

a token processor, communicatively coupled to the token memory and communicatively 
coupleable to the host processing device via the USB-compHant interface, the token processor for 
providing the host processing device conditional access to data storable in the memory; the token 
processor for authenticating a user identity; and 

a user output device, communicatively coupled to the USB-compliant interface, for 
providing an indication of a data signal from the USB-compliant interface. 

78. (CANCELED) 

79. (CANCELED) 

80. (PREVIOUSLY PRESENTED) A compact personal token, comprising: 
a USB-compliant interface releaseably coupleable to a host processing device; 
a token memory; 

a token processor, communicatively coupled to the token memory and communicatively 
coupleable to the host processing device via the USB-compliant interface, the token processor for 
providing the host processing device conditional access to data storable in the token memory, the 
token processor authenticating a user identify; and 

a user output device, communicatively coupled to the token processor. 

81. (ORIGINAL) The apparatus of claim 80, wherein the user output device is coupled 
to the processor by a path distinct from the USB-compliant interface. 

82. (ORIGINAL) The apparatus of claim 80, wherein the user output device is 
configured to indicate the operation of the processor. 
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83. (ORIGINAL) The apparatus of claim 80, wherein the operation comprises an 
operation selected from the group comprising: 

an encryption operation; 

a decryption operation; and 

a digital signature operation using a private key. 

84. (PREVIOUSLY PRESENTED) The apparatus of claim 80, wherein the user output 
device is selected from a group comprising: 

at least one light emitting device; 
at least one liquid crystal display; and 
at least one aural device. 

85. (ORIGINAL) The apparatus of claim 80, ftirther comprising an input 
device, communicatively coupled to the processor by path distinct from the USB-compliant 
interface, for providing information for the operation of the processor. 

86. (PREVIOUSLY PRESENTED) A method of authorizing access to private data 
stored in a token having a processor communicatively coupled to a host processor via a Universal 
Serial Bus (USB) interface, comprising the steps of: 

authenticating in the token a user identity; 

accepting a command in the token invoking a token processor operation via the USB- 
compliant interface; and 

signaling the token processor operation, via a user output device communicatively coupled 
to the token processor via a communication path distinct from the USB-compliant interface. 
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87. (ORIGINAL) The method of claim 86, wherein the operation comprises an 
operation 

selected from the group comprising: 
an encryption operation; 
a decryption operation; and 
a digital signature operation using a private key. 

88. (CANCELED) 

89. (ORIGINAL) The method of claim 86, wherein the user output device is selected 
from the group comprising: 

at least one light emitting device; 
at least one liquid crystal display; and 
an aural device. 
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